The present invention relates to a device for processing data packets. More in particular, the present invention relates to a device for cryptographically processing data packets, said device comprising identification means for identifying a data packet, processing means for cryptographically processing the data packet, memory means for storing information relating to the processing, and control means for selecting information related to the data packet. A device of this type is disclosed in the Specification of U.S. Pat. No. 5,048,087.
In practice it is known to arrange for data communication, including telephony, to take place by means of data packets. Diverse techniques for data communication with the aid of data packets, such as X.25 and ATM ("asynchronous transfer mode"), are known. The need exists to an increasing extent to secure the data traffic by means of encrypting the messages (data packets). For this purpose, an encrypting device can be incorporated at the transmitting end and a decrypting device at the receiving end in the data connection concerned.
In modern data communication techniques, data packets belonging to a plurality of logical connections are transmitted via a single physical connection. Such logical connections will hereinafter generally be referred to as channels. Thus, for example, in the case of ATM, a plurality of "virtual channels" and "virtual paths" may use the same physical connection. At the same time, there is no fixed correlation between the consecutive data packets, referred to as "cells" in the case of ATM. The channel to which the data packet belongs can be read only from the header of each data packet.
If one or more of said channels is to be secured by encrypting, measures have to be taken to encrypt and decrypt data packets of a particular logical connection in a particular way, for example with a key belonging to the logical connection. For this purpose, the data packets of the different logical connections have to be identified in order to be able to determine the particular channel, and consequently, for example, the associated key, of a particular data packet.
In the device disclosed in U.S. Pat. No. 5,048,087, the identification means are formed by a packet identifier. Stored in a memory is a plurality of keys, one of which is retrieved in each case in order to process a data packet of a particular channel (logical connection) in the cryptographic unit provided therefor. In addition, in the known device, a cryptographic residue is, in each case, retrieved or, respectively, stored in addition to the key. Such a cryptographic residue can represent the status of a cryptographic process by which related data packets are encrypted or decrypted, respectively.
The known device has the disadvantage that it is relatively slow. For each incoming data packet, the matching key and the matching residue have to be loaded on the basis of the identification, after which the cryptographic processing (encrypting or decrypting) takes place. After the processing, the new residue (and possibly the key) has to be stored, in each case, before a subsequent data packet can be processed. It will be clear that the repeated performance, that is to say the performance for each data packet, of said steps takes place at the expense of the processing speed of the known device and, consequently, of the throughput speed of the data packets to be processed.
The storage and retrieval of only a key for each channel, which is disclosed per se, for example, in the publication "Data security in packet switched networks", which is specified in greater detail below, may, in principle, be faster but still requires a relatively large amount of processing time. Such a solution is furthermore unsuitable for cryptographic procedures whose status has to be stored between two processing steps. It is precisely such procedures which are at present much used for encrypting data communication.
International Patent Application WO93/09627 discloses a cryptographic apparatus for use in computer networks. In its key generator, the apparatus comprises pairs of parallel registers each outputting a single key bit. Depending on data packets being designated "local" or "broadcast", the key bits of one of the pairs of registers is used to contribute to the running key encrypting the data packets. This known design is not suitable for cryptographically processing data packets of a large number of channels at a high data rate.
In modern data communication, speed plays an ever greater role. Devices for processing data packets, such as cryptographic devices, therefore have to satisfy ever higher speed requirements. In the known device, which involves reloading and storing related processing information for each data packet, said retrieval and storage of information forms a speed-limiting factor.